On television shows, sometimes characters encounter encrypted data.
There are a number of popular tropes regarding this:

A technically savvy villain has encrypted some data. The hero
needs to guess the password to decrypt it. To do so, the hero
delves into the villain's psychology. Eventually we discover that
the most important thing to the villain is actually their pet
rabbit, named "fluffy bunny", not their secret terrorist organization as
we initially guessed. The hero enters "fluffy", just in the nick
of time. Hooray, the hero has cracked the encryption!

A technically savvy villain has encrypted some data, and the hero
has their hard drive. It will take 10 hours to decrypt, but the
first bomb goes off in 8 hours! The hero manages to deal with the
first blast, giving our diligent technicians time to decrypt the
data.

A technically savvy villain has encrypted the data. Normally
it would be easy to break, but there are multiple layers of
encryption, each somehow more devious than the last! However, our
diligent technicians report hourly progress as they break through each
"layer".

A technically savvy villain has a computer system that the heroes
wish to acquire remote access to. In order to access this system,
the hero hacker must "break the encryption". This will take some
time, but, when the "encryption" is "broken", they have access to the
villain's computer, and can control it completely.

These are wrong. They are so wrong that they set my
teeth on edge.

I am not an expert on cryptography. I have a passing interest in
computer security, but I am by no means an expert. So, I will not
approach the topic as an expert. I won't try to explain any of the
math involved; I suspect that previous explanations may have failed to
reach these writers' ears because they were too confusing. Here are
a few simple facts about the plot-lines above:

Nobody who has even twenty minutes of experience with encryption
software will choose a password like "fluffy". Of course, many
users have weak passwords for their Facebook accounts, but a
child-prodigy criminal mastermind who expects federal agents to
get his encrypted hard drive will have a password like
"qua2IeshvePhu2QuAeShohd8". They will train themselves to type
this from memory, very quickly. Better yet, if their data is
encrypted, it is likely encrypted with a key. This key will most
likely be separate from their data, and the key will itself be
encrypted with the password. These are not crazy military-grade
precautions; this is the default behavior of the free encryption
software present in various operating systems.

Here's a simple rule of thumb. If you only take one thing away
from this article, I hope it will be this:

You cannot "break" encryption. Ever.

In the days where movie stars will spend months and millions of
dollars intensely learning kung-fu so that they can accurately portray
martial-arts moves, it is amazing to me that it isn't worth one hour's
time for the average television writer who is incorporating
cryptography as a plot device to learn this one, very basic piece of
information.

Brute-force attacks against current cryptographic methods would, using
present-day cryptographic technology, take — and this is not an
exaggeration — a billion billion billion billion billion years to
crack. While there have been a few successful attacks against modern
cryptographic methods, they
are almost exclusively attacks which involve a bug in a popular piece
of software, not a flaw in the cryptographic math. Those bugs
are fixed quickly when they are discovered, and someone concerned
about the integrity of their encrypted data could quickly and easily
find out about them and get a fixed version of the software in
question. If one cryptographic algorithm were well and truly cracked,
there are dozens of others which our villains could upgrade to.
Again, none of this is crazy military-grade security. This is
software that any teenager with a free hour to search the internet
could find. I was encrypting my hard drive with stuff like this when
I was 12.

That's not to say that you can't have encryption being cracked on a
television show. Please be aware, however, that generalized
crypto-cracking as a routine task performed by technicians, even
extremely skilled technicians, is science fiction. It is inappropriate
in a dramatic show that is trying to be realistic.

Again, for emphasis: cracking crypto isn't "really hard". It
isn't "practically impossible". You don't need an "elite hacker"
who is "really good" to do it. Breaking crypto is really,
totally, theoretically impossible, and there is a worldwide, very
public community of mathematicians and researchers trying to make sure
it stays that way. If your heroes work for some kind of secret
spy agency, they should remark upon the ethical considerations of
their special access to technology that the general public and the
scientific community do not have and are not aware of.

The one exception to this rule is if the villain chooses a weak
password, which can be guessed by a random password guesser. Our
heroes may get lucky and discover that they chose a password which a
brute-force decryptor guesses in the first quintillion or so
tries. However, in this case, there is no way to know how
long the cracking will take, before it is done. Each new guess
for the password is totally blind; either it decrypts the data or it
doesn't. There's no way to tell how many more guesses you have
to go, or in fact whether any of the guesses will work before your
guesser runs out of things it could reasonably try.
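
The two points above (a data key that is itself encrypted with the password, and password guesses that are totally blind) in one added Python sketch; it is not code from the original post. The wrapping construction (PBKDF2 plus an HMAC-derived pad and tag), the function names and the guess list are assumptions made for illustration, not the format of any real encryption tool.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Illustrative construction (an assumption), not any real tool's on-disk format.
ITERATIONS = 50_000  # constructed value; real tools tune this much higher


def _derive(password: str, salt: bytes) -> tuple:
    """Stretch the password into a masking key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def wrap_key(data_key: bytes, password: str) -> dict:
    """Encrypt a 32-byte data key under a password (encrypt-then-MAC)."""
    salt = secrets.token_bytes(16)
    mask_key, mac_key = _derive(password, salt)
    pad = hmac.new(mask_key, b"pad", hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_key(blob: dict, password: str) -> Optional[bytes]:
    """Return the data key, or None. A wrong guess reveals nothing else."""
    mask_key, mac_key = _derive(password, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    pad = hmac.new(mask_key, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))


def guess_outcomes(blob: dict, guesses: list) -> list:
    """One yes/no per guess: the only 'progress' signal that exists."""
    return [unwrap_key(blob, g) is not None for g in guesses]


# Constructed sample data: one random data key, wrapped under two passwords.
DATA_KEY = secrets.token_bytes(32)
WEAK = wrap_key(DATA_KEY, "fluffy")
STRONG = wrap_key(DATA_KEY, "qua2IeshvePhu2QuAeShohd8")
GUESSES = ["bunny", "rabbit", "fluff", "fluffy bunny", "fluffy"]

if __name__ == "__main__":
    print(guess_outcomes(WEAK, GUESSES))    # [False, False, False, False, True]
    print(guess_outcomes(STRONG, GUESSES))  # [False, False, False, False, False]
```

Note that "fluff", one character short of the weak password, fails exactly like every other wrong guess: there is no partial credit to drive a progress bar.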

Since one "layer" of encryption is effectively impossible to break,
it would be very strange for our villain to use "layers" of encryption.
There's rarely a need. There are some obscure possible
exceptions: the villains might use them if they wanted to ensure
co-operation within their group, and encrypted data in such a way that
multiple keys were required to decrypt it. Or they might be using
onion routing. However, each
"layer" of encryption is equally impossible to break, so it still
wouldn't make sense to talk about breaking them one at a time.

All "encryption" is, is converting a block of sensible data
("plaintext") into a block of what appears to be unreadable nonsense
("ciphertext") unless you have the secret decoder ring. If the
hero "breaks the encryption" (which, as I've said above, is probably
impossible) they still can't access the villain's computer over the
internet, unless the thing that was encrypted was the villain's remote
access password.

In summary, the worst recurring theme here - although I recognize its
dramatic value - is the "progress bar" approach to computer security
problems. If someone is going to attempt to decrypt some data or
remotely access a computer system, either it will work nearly
instantly (we know the password for the encrypted data, we know an
exploit for the remote system) or it will not work at all. "Your
progress indicator will sit at 0% complete forever."

The underlying misconception, I think, is to believe that cryptography is
like a locked box that the villain has put their data into. If the
cops found a locked box with some evidence in it, they could ask you for
the key (which you would have to hide in one of a limited number of
places) or they could simply drill a hole in the box. Stressed
technicians in these TV shows frequently declare that they are "going as
fast as they can" with the decryption, as if they were drilling through
some very hard metal.

Cryptography is not a metal box. It's more like a parallel
dimension. There isn't really a good analogy, because no physical
security system is quite like cryptography. But since you're a TV
writer if you're reading this (right?), think of it like a Stargate.
Imagine that portable stargates are cheap to manufacture. Everybody
has one; when you buy stuff over the internet, you put your credit card
into a stargate and it comes out near the payment processor securely.
(This is how the little lock on your browser works.)

The Cryptogate is not exactly like a Stargate, either. There
isn't a small, limited number of places it can go. These little
devices can go to any point in the multiverse. Rather than a
rotating wheel with a number of characters, they have a little slot, where
you insert a piece of glass. It etches a random pattern on the glass
(this is your "private key") that describes the point where your object
will be sent: you don't know where it is, except that it will be a spot
where it's safe to stick your hand to retrieve it. It could be
anywhere in an infinite number of worlds, in a cave, in the sky: nobody
knows, not even you. You put your "private key" in the key slot, the
gate opens up, you drop your valuables in, and then you take your key
out. Those valuables are gone forever. The gate is a useless
hoop of metal without your "key"; there's no way to guess what mysterious
pattern of scratches it put on that glass, because the destination was random.

You may notice there's no password in that extended metaphor, and indeed,
one can use cryptography entirely without passwords; the private key is
the important bit. However, since many people leave the private key
on their hard drive, rather than separately, it is itself encrypted
with a password. We can extend the metaphor even further to include
this: let's say that your little piece of glass only describes what galaxy
will be selected, and you choose a magic phrase that selects what location
within that galaxy will be selected. So, you insert the key, but the
gate is still useless until you say the word. Then it opens
up to reveal your stuff.

If you need a physical analogy in your mind, this is what you should
imagine breaking cryptography is like. A bunch of very frustrated
technical people sitting around, staring at a useless loop of metal,
knowing that it contains what they need, but totally unable to make
it do anything useful without a tiny piece of glass that they don't have,
and a magic word that they don't know. They can sit around guessing
words and scratching random patterns on glass all day, but they will never
know if they're "20% done".

Now that I've destroyed any possible dramatic tension that can come from
the race to "break the code", here are some suggestions you can replace
these tired old fallacies with:

It's not just bad guys who use cryptography. In any secure
super-secret anti-terrorism anti-supervillain government organization,
encrypting all communication is likely to be routine. What if one
of the villains got hold of one of the heroes' private keys, via some
kind of deception? The heroes would be confident that their
communications were secure and authentic, because the code is
"unbreakable" — but humans are always the weakest link.

A bad guy is planning something bad, and encrypting their
plans. The good guys know that if they barge in, the bad guy is
going to instantly destroy the key, making the data they need
permanently irretrievable. Cryptography may be secure, but there
are some real-life things that aren't. Like monitors and keyboards.
(Wouldn't it be spooky to show your spy characters determining what
someone was typing by listening to them with a stethoscope against a
wall? Or looking at their screen through a solid object?
That's something you can really do!)

A bad guy is using SSL encryption to communicate with a web
site. Luckily our baddy doesn't really know how security works, so
the good guys execute a man-in-the-middle attack with the complicity
of the baddy's ISP and a valid certificate authority such as VeriSign,
for all intents and purposes becoming
the "real" web site. If you're one of those too-clever-by-half
writer types that likes that highfalutin social commentary stuff,
this might be an intriguing look at our society's blind trust of the
flawed security model of the web.

I took away four plot devices, so I'll give you four back: one of
our heroes (either temporarily or permanently) loses their encryption
key, and cannot access vital information. Can they get the key
back in time? Or: can they remember enough of their data to work
without access to their computerized information?

As a bonus: Spooks ran an interesting episode about a game-over
exploit for TLS. There was still a
lot of cringeworthy misunderstanding of what crypto really is,
though. (In a typical mistake, the guy who possesses the crypto
crack can mysteriously control computers with it. But I could
suspend my disbelief, because if he could really break crypto that
easily, he could observe any communication with the supposedly secure
systems, including network sessions that included passwords.)

If anyone reading this knows someone who works as a writer for
television shows or movies, please, please recommend that they read
this post. These days, a lot of people learn about technology from
popular culture. We need to have a better understanding of basic,
everyday technologies like cryptography and digital media, if we are ever
going to get sane laws about those things.